Re: [PATCH 1/4] block: Fix race on request_queue.end_io invocations

linux-scsi.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Bart Van Assche <bvanassche@acm.org>
To: Jens Axboe <axboe@kernel.dk>
Cc: linux-scsi <linux-scsi@vger.kernel.org>,
	James Bottomley <jbottomley@parallels.com>,
	Mike Christie <michaelc@cs.wisc.edu>,
	Jun'ichi Nomura <j-nomura@ce.jp.nec.com>,
	Stefan Richter <stefanr@s5r6.in-berlin.de>,
	Tejun Heo <tj@kernel.org>
Subject: Re: [PATCH 1/4] block: Fix race on request_queue.end_io invocations
Date: Wed, 06 Jun 2012 13:10:24 +0000	[thread overview]
Message-ID: <4FCF56C0.50104@acm.org> (raw)
In-Reply-To: <4FCF50F7.2080008@kernel.dk>

On 06/06/12 12:45, Jens Axboe wrote:

> On 06/05/2012 07:10 PM, Bart Van Assche wrote:
>> Some request_queue.end_io implementations can be called safely
>> without the queue lock held while several other implementations
>> assume that the queue lock is held. So let's play it safe and
>> make sure that the queue lock is held around end_io invocations.
>> Found this through source code review.
>>
>> Signed-off-by: Bart Van Assche <bvanassche@acm.org>
>> Cc: Jens Axboe <axboe@kernel.dk>
>> Cc: Tejun Heo <tj@kernel.org>
>> Cc: <stable@kernel.org>
>> ---
>>  block/blk-exec.c |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/block/blk-exec.c b/block/blk-exec.c
>> index fb2cbd5..6724fab 100644
>> --- a/block/blk-exec.c
>> +++ b/block/blk-exec.c
>> @@ -54,10 +54,10 @@ void blk_execute_rq_nowait(struct request_queue *q, struct gendisk *bd_disk,
>>  	spin_lock_irq(q->queue_lock);
>>  
>>  	if (unlikely(blk_queue_dead(q))) {
>> -		spin_unlock_irq(q->queue_lock);
>>  		rq->errors = -ENXIO;
>>  		if (rq->end_io)
>>  			rq->end_io(rq, rq->errors);
>> +		spin_unlock_irq(q->queue_lock);
>>  		return;
>>  	}
> 
> I'm assuming you checked any in-kernel users of rq->end_io to ensure
> that it is fine? If so, patch looks fine to me. And I agree, it's not
> stable material.


The in-tree request.end_io implementations can be found as follows:
$ git grep -nHE 'end_io\(struct request .*[^;]$'
block/blk-flush.c:194:static void flush_end_io(struct request *flush_rq, int error)
block/blk-flush.c:275:static void flush_data_end_io(struct request *rq, int error)
block/bsg.c:336:static void bsg_rq_end_io(struct request *rq, int uptodate)
drivers/scsi/sg.c:1279:static void sg_rq_end_io(struct request *rq, int uptodate)

To me it looks like flush_end_io() and flush_data_end_io() need to be
called with the queue lock held since these access the queue state. For
bsg_rq_end_io() and sg_rq_end_io() this patch will trigger nested
locking. As far as I can see that should be fine though.

Bart.

next prev parent reply	other threads:[~2012-06-06 13:10 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-06-05 17:08 [PATCH 0/4 v7] Fixes for SCSI device removal Bart Van Assche
2012-06-05 17:10 ` [PATCH 1/4] block: Fix race on request_queue.end_io invocations Bart Van Assche
2012-06-05 21:32   ` Tejun Heo
2012-06-06 12:44     ` Bart Van Assche
2012-06-06 12:45   ` Jens Axboe
2012-06-06 13:10     ` Bart Van Assche [this message]
2012-06-05 17:11 ` [PATCH 2/4] scsi: Fix device removal NULL pointer dereference Bart Van Assche
2012-06-05 17:12 ` [PATCH 3/4] scsi: Change return type of scsi_queue_insert() into void Bart Van Assche
2012-06-05 17:14 ` [PATCH 4/4] scsi: Stop accepting SCSI requests before removing a device Bart Van Assche
2012-06-05 21:36   ` Mike Christie
2012-06-06 12:17     ` Bart Van Assche
2012-06-06 13:29       ` Mike Christie
2012-06-06 14:53         ` Bart Van Assche
2012-06-06 15:21           ` Mike Christie
2012-06-05 22:08   ` Mike Christie
2012-06-06 12:25     ` Bart Van Assche
2012-06-06 13:43       ` Mike Christie
2012-06-06 14:01         ` Mike Christie
2012-06-06 14:12         ` Mike Christie
2012-06-06 15:04           ` Bart Van Assche
2012-06-06 15:28             ` Mike Christie
2012-06-06 16:18               ` Bart Van Assche
2012-06-06 15:07         ` Bart Van Assche

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4FCF56C0.50104@acm.org \
    --to=bvanassche@acm.org \
    --cc=axboe@kernel.dk \
    --cc=j-nomura@ce.jp.nec.com \
    --cc=jbottomley@parallels.com \
    --cc=linux-scsi@vger.kernel.org \
    --cc=michaelc@cs.wisc.edu \
    --cc=stefanr@s5r6.in-berlin.de \
    --cc=tj@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).